Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1wbWhnLWY3d2MtYzk3bc4AA_i5

Aim Stored XSS through TEXT EXPLORER

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Permalink: https://github.com/advisories/GHSA-pmhg-f7wc-c97m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wbWhnLWY3d2MtYzk3bc4AA_i5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: 2 months ago

CVSS Score: 3.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Identifiers: GHSA-pmhg-f7wc-c97m, CVE-2024-8863
References:

• https://nvd.nist.gov/vuln/detail/CVE-2024-8863
• https://rumbling-slice-eb0.notion.site/Stored-XSS-through-TEXT-EXPLORER-in-aimhubio-aim-d0f07b7194724950a673498546d80d43?pvs=4
• https://vuldb.com/?ctiid.277500
• https://vuldb.com/?id.277500
• https://vuldb.com/?submit.403203
• https://github.com/advisories/GHSA-pmhg-f7wc-c97m

Blast Radius: 7.5

Affected Packages